
THAT WHICH IS CLAIMED: 



1 . A method for dynamically creating a tunnel in a communications network 
to provide subscribers host access to a network service, comprising: 

storing a subscriber profile in a network database, wherein the subscriber 
profile includes subscriber-specific network service tunneling requirements; 

receiving at a network device a first subscriber data packet associated with 
a first network service; 

accessing the subscriber profile to determine if the first network service 
has a subscriber-specific tunneling requirement; and 

creating a first tunnel if a determination is made that the subscriber profile 
requires a first network service tunnel, wherein the first tunnel has a first end point at the 
network device and a second end point at the first network service. 

2. The method of Claim 1, wherein storing a subscriber profile comprises 
storing at least one parameter chosen from the group consisting of the network access 
identifier, a user/subscriber name and a user/subscriber password. 

3. The method of Claim 1 , further comprising determining if a first tunnel 
between the network device and the first network service pre-exists prior to creating the 
tunnel between the network device and the first network service. 

4. The method of Claim 1 , wherein more than one subscriber accessing the 
communication network through the network device can simultaneously transmit data 
packets to the first network service via the first tunnel. 

5. The method of Claim 1 , wherein the method further comprises: 
receiving at the network device a second subscriber data packet associated 

with a second network service; 

accessing the subscriber profile to determine if the second network service 
has a subscriber-specific tunneling requirement; and 
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creating a second tunnel if a determination is made that the subscriber 
profile requires a second network service tunnel, wherein the second tunnel has a first 
end point at the network device and a second end point at the second network service. 

6. The method of Claim 5, further comprising determining if a second tunnel 
between the network device and the second network service pre-exists prior to creating 
the tunnel between the network device and the second net6work service. 

7. The method of Claim 5, wherein the second tunnel is functional 
simultaneous with the functioning of the first tunnel. 

8. The method of Claim 5, wherein the more than one subscriber accessing 
the communication network through the network device can simultaneously transmit data 
packets to the first network service via the first tunnel and the second network service via 
the second tunnel. 

9. A system for dynamically creating a tunnel in a communications network 
to provide a subscriber host access to a destination network, comprising: 

a storage device that stores a subscriber profile, wherein the subscriber 
profile includes subscriber-specific network service tunneling requirements; 

means for receiving at a network device a first data packet associated with 
a first network service; 

means for accessing the subscriber profile to determine if the first network 
service has a subscriber-specific tunneling requirement; and 

means for creating a first tunnel if a determination is made that the 
subscriber profile requires a first network service tunnel, wherein the first tunnel has a 
first end point at the network device and a second end point at the first network service. 

10. The system of Claim 9, further comprising a means for determining if a 

fist tunnel between the network device and the first network service pre-exists prior to 

creating the tunnel between the network device and the first network service. 
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1 1 . The system of Claim 9, further comprising: 

means for receiving at the network device a second data packet associated 
with a second network service; 

means for accessing the subscriber profile to determine if the second 
network service has a subscriber-specific tunneling requirement; and 

means for creating a second tunnel if a determination is made that the 
subscriber profile requires a second network service tunnel, wherein the second tunnel 
has a first end point at the network device and a second end point at the second network 
service. 

12. A network device that dynamically creates a tunnel in a communications 
network to provide a subscriber host access to a destination network, comprising: 

a processor that receives from a subscriber a data packet associated with a 
network service; 

a database accessed by the processor that stores a subscriber profile that 
defines the tunnel requirements for the network service; and 

a tunnel management module implemented by the processor that 
communicates with the database to determine if the subscriber requires a tunnel for 
access to the network service and, if a determination is made that the tunnel is required, 
the tunnel management module creates a tunnel access session between the network 
device and the network service. 

13. The network device of Claim 12, further comprising a session 
management module implemented by the processor that communicates with the database 
to manage the tunnel access session provided by the network device. 

14. The network device of Claim 12, wherein the tunnel management module 
determines if a tunnel between the network device and the network service pre-exists 
prior to creating the tunnel between the network device and the network service. 
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15. The network device of Claim 12, wherein the tunnel management module 
is capable of creating more than one tunnel access session for simultaneous subscriber 
access to more than one network service. 

16. The network device of Claim 12 5 wherein the tunnel management module 
is capable of providing simultaneous access to the tunnel access session to more than one 
subscriber accessing the communication network through the network device. 

17. The network device of Claim 16, further comprising a session 
management module implemented by the processor that communicates with the database 
to manage the simultaneous tunnel access session provided to more than one subscriber 
accessing the communication network through the network device. 

18. The network device of Claim 16, wherein the subscriber profile defines 
tunneling requirements for the more than one network services that the subscriber has 
been authorized to access. 

19. The network device of Claim 1 8, wherein the tunneling requirements are 
predefined by the subscriber. 

20. The network device of Claim 1 8, wherein the tunneling requirements are 
predefined by the network device administrator. 
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